package ae.pcfc.etks.online.web.controller;

import java.util.Map;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jboss.web.tomcat.security.login.WebAuthentication;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.support.SessionStatus;

import ae.pcfc.etks.online.common.exception.AccessDeniedException;
import ae.pcfc.etks.online.web.ConstantsAdmin;
import ae.pcfc.etks.online.web.PageType;
import ae.pcfc.etks.online.web.ViewPath;
import ae.pcfc.etks.online.web.ViewUtils;
import ae.pcfc.etks.online.web.model.ClientLogin;
import ae.pcfc.etks.online.web.model.Register;

/**
 * 
 * 
 * @author Mohtisham.Salahria
 */
@Controller
public class LoginLogoutController {

	/**
	 * Custom handler for displaying the form, i.e.: GET requests for
	 * /register/form.jsp
	 * 
	 * @see #form(HttpServletRequest,SessionStatus,Register, BindingResult)
	 * @see WEB-INF/jsp/login.jsp
	 */
	@Autowired
	WebAuthentication webAuthentication;
	
	private Map<String, String> propertyConstants;

	@Resource(name = "propertyConstants")
	public void setPropertyConstants(Map<String, String> propertyConstants) {
		this.propertyConstants = propertyConstants;
	}

	@RequestMapping(value = ViewPath.LOGIN + ".htm", method = RequestMethod.GET)
	public String form(
			HttpServletRequest request,
			@ModelAttribute(value = ConstantsAdmin.LOGIN_MODEL_KEY) ClientLogin login) {
		
		if(request.getParameter("error") != null && !request.getParameter("error").equals("2"))
		{			
			throw new AccessDeniedException();			
		}
		
		Object authObj = SecurityContextHolder.getContext().getAuthentication();

		/*
		 * The user is not authenticated in either J2EE request OR
		 * SpringSecurity (he should be authenticated in both to avoid
		 * SpringSecurity problems)
		 */
		if (request.getUserPrincipal() == null || authObj == null) {

			/*
			 * The calling application (like ehsservices) wants the user to be
			 * redirected to specific page after login, So we will save the
			 * redirected url in session to be able to redirect to after login.
			 */

			if (request.getParameter(ConstantsAdmin.REDIRECT_URL) != null
					&& !request.getParameter(ConstantsAdmin.REDIRECT_URL)
							.equals("")) {

				request.getSession().setAttribute(ConstantsAdmin.REDIRECT_URL,
						request.getParameter(ConstantsAdmin.REDIRECT_URL));

			} else {
				// if the current application (oaservices) wants a specific page
				//String requestedPage = propertyConstants.get("SERVER_URL") + ViewUtils
						//.getCurrentRequestedPage(request);
				String requestedPage = ViewUtils.getCurrentRequestedPage(request);
				
				if (requestedPage != null) {
					request.getSession().setAttribute(
							ConstantsAdmin.REDIRECT_URL, requestedPage);
				}

			}
			// forward the user to the normal login form
			return ViewUtils.getRedirect(ViewUtils.LOGIN_VIEW, PageType.FORM);

		}	
		
		
		// The user is authenticated so redirect to the home page
		return ViewUtils.getRedirect(ViewPath.USER_GENERAL_HOME, PageType.SHOW);

	}

	@RequestMapping(value = ViewPath.LOGOUT + ".htm")
	public String logout(HttpServletRequest request) {

		// Causes the HttpSession to be invalidated
		HttpSession session = request.getSession(false);
		if (session != null) {
			session.invalidate();
		}
		// clear the context explicitly
		SecurityContextHolder.clearContext();

		// Log the user out from the SSO valve
		webAuthentication.logout();

		return ViewUtils.getRedirect(ViewUtils.LOGIN_VIEW, PageType.FORM);
	}

}
